SlideShare una empresa de Scribd logo

Starting up Containers Super Fast With Lazy Pulling of Images

Kohei Tokunaga
Kohei Tokunaga

Talked at Container Plumbing Days about speeding up container startup by lazy pulling images on Kubernetes, containerd, BuildKit, Podman and CRI-O with eStargz and zstd:chunked. eStargz and Stargz Snapshotter: https://github.com/containerd/stargz-snapshotter zstd:chunked proposal: https://github.com/containers/storage/pull/775 Patch set to enable lazy pulling on Podman and CRI-O (a.k.a. Additional Layer Store): https://github.com/containers/storage/pull/795 https://github.com/containerd/stargz-snapshotter/pull/281

Software
1 de 27
Descargar para leer sin conexión
Copyright(c)2021 NTT Corp. All Rights Reserved Star%ng up Containers Super Fast With Lazy Pulling of Images Kohei Tokunaga, NTT Corporation Container Plumbing Days (March 10)
Copyright(c)2021 NTT Corp. All Rights Reserved TL;DR l Pull is one of the ?me-consuming steps in the container lifecycle l OCI-alterna?ve but OCI-compa?ble image formats are trying to solve it by lazy pulling • Legacy (lazy-pull-agnos?c) run?mes can run them (zstd requires recent run?mes). • eStargz by containerd Stargz SnapshoJer subproject • zstd:chunked discussed in Podman community l Collabora9on in community • Lazy pulling (eStargz) is available on: containerd, Kubernetes, BuildKit, Kaniko, go-containerregistry, nerdctl • On-going discussion of “Addi9onal Layer Store” feature to enable lazy pulling on Podman and CRI-O • hJps://github.com/containers/storage/pull/795 l On-going in 2021: Standardizing eStargz in OCI and improvements for stabilizing Stargz SnapshoJer Host: EC2 Oregon (m5.2xlarge, Ubuntu 20.04) Registry: GitHub Container Registry (ghcr.io) Run?me: containerd + Stargz SnapshoJer (47596d3) (See detailed info in the later slides) [sec] 0 5 10 15 20 25 30 zstd:chunked estargz estargz-noopt legacy gcc:10.2.0 (Compiles and runs printf("hello")) pull create run
Copyright(c)2021 NTT Corp. All Rights Reserved Pull is 'me-consuming pulling packages accounts for 76% of container start Cme, but only 6.4% of that data is read [Harter et al. 2016] [Harter et al. 2016] Tyler Harter, Brandon Salmon, Rose Liu, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau. "Slacker: Fast DistribuCon with Lazy Docker Containers". 14th USENIX Conference on File and Storage Technologies (FAST ’16). February 22–25, 2016, Santa Clara, CA, USA Caching images Minimizing image size Cold start is still slow Not all images are minimizable Language runtimes, frameworks, etc. Workarounds are known but not enough Node Registry Image Container pull run
Copyright(c)2021 NTT Corp. All Rights Reserved Problem on the current OCI/Docker image sha256:deadbeaf… sha256:1a3b5c… sha256:ffe63c… sha256:6ccde1… GET /v2/<image-name>/blobs/ bin/bash bin/ls etc/passwd etc/group usr/bin/apt layer = tarball (+compression) A container is a set of tarball layers A container can’t be started until the all layers become locally available l Need to scan the entire blob even for extracting single file entry • If the blob is gzip-compressed, it’s non-seekable anymore l No parallel extraction • Need to scan the blob from the top, sequentially
Copyright(c)2021 NTT Corp. All Rights Reserved Alterna(ve image formats: eStargz and zstd:chunked OCI run?mes Container Registry lazypull doesn’t download the entire image on pull operation but fetches necessary chunks of contents on-demand eStargz zstd:chunked BuildKit l Enable lazy pulling of container images from the registry l Compa?ble to OCI Image Specifica?on so lazy-pulling-agnos(c run(mes s(ll can run them • eStargz by containerd Stargz SnapshoJer subproject is compa?ble to gzip layers • zstd:chunked discussed in Podman community is compa?ble to zstd layers • Note: zstd requires recent run?mes (discussed later) CRI-O Podman
Copyright(c)2021 NTT Corp. All Rights Reserved eStargz
Copyright(c)2021 NTT Corp. All Rights Reserved eStargz overview l A variant of gzip compression. Compa@ble to RFC1952 (gzip) • Proposed by containerd Stargz SnapshoGer hGps://github.com/containerd/stargz-snapshoGer • Based on the stargz by Google CRFS (hGps://github.com/google/crfs) • eStargz comes with content verifica@on and performance op@miza@on l gzip-compressed layer is supported by OCI/Docker Image Spec and common in the current ecosystem • Legacy (lazy-pulling-agnos@c) run@mes s@ll can run eStargz (but without lazy pulling) l Lazy pulling of eStargz starts to be supported in community • Crea@ng eStargz: Kaniko, nerdctl, go-containerregistry, etc. • Lazy pulling of eStargz: containerd (and Kubernetes), BuildKit • Tracking at hGps://github.com/containerd/stargz-snapshoGer/issues/258
Copyright(c)2021 NTT Corp. All Rights Reserved The structure of eStargz l Seekable: Each file payload is compressed separately so can be extracted separately • SEll compaEble to RFC 1952 (gzip) • Each file/chunk can be fetched from the registry on-demand, using HTTP Range Request l Metadata (name, type, owner, …) of all files are stored to TOC (Table Of Contents) entry • Filesystem can be mounted without fetching the enEre blob l PrioriAzed files enables to prefetch likely accessed files ⚠ eStargz is incompaEble to stargz: “footer” is changed to make eStargz compaEble to RFC 1952 eStargz bin/ls usr/bin/apt entrypoint.sh bin/bash PrioriAzed files Prefetched by a single HTTP Range Request TOC(Table Of Contents) and footer l TOC contains files metadata, offset, etc… l footer contains offset of TOC ⚠ footer is incompaEble to stargz Files fetched on demand Can also be aggressively downloadeed in background gzip member per regular file/chunk Each chunk can be fetched and extracted separately, using HTTP Range Request of registry stargz bin/ls usr/bin/apt entrypoint.sh bin/bash For more details: hUps://github.com/containerd/stargz-snapshoUer/blob/master/docs/stargz-estargz.md
Copyright(c)2021 NTT Corp. All Rights Reserved Workload-based Op/miza/on proc container Input image Output image Convert & Op/mize Profile file access l Downloading each file/chunk on-demand costs extra overhead on each file access. l Leveraging eStargz, CLI converter command ctr-remote provides workload-based op/miza/on • Workload: entrypoint, envvar, etc… specified in Dockerfile (e.g. ENTRYPOINT) l ctr-remote (opRmizer tool) analyzes which files are likely accessed during runRme • Runs provided image and profiles all file accesses • Regards accessed files are also likely accessed during runRme (= priori/zed files) • Stargz SnapshoTer will prefetch these files when mounts this image eStargz For more details: hTps://github.com/containerd/stargz-snapshoTer/blob/master/docs/ctr-remote.md
Copyright(c)2021 NTT Corp. All Rights Reserved Content Verifica-on in eStargz chunkDigest chunkDigest chunkDigest containerd.io/snapshot/stargz/toc.digest file/chunk data file/chunk data file/chunk data Verified on resolve Verified on mount Verified on each fetch references by digest references by digest OCI Manifest TOC (metadata of all files) l Chunks are lazily pulled from registry on-demand • so they cannot verified when mounKng the layer l Chunks are “lazily” verified • TOC (metadata file) records digests per chunk • Each chunk can be verified when it’s fetched to the node • TOC itself is verified when mounKng that layer using the digest wriPen in the manifest (OCI AnnotaKon) For more details: hPps://github.com/containerd/stargz-snapshoPer/blob/master/docs/verificaKon.md (the above figure is from this doc)
Copyright(c)2021 NTT Corp. All Rights Reserved Discussion status of zstd:chunked
Copyright(c)2021 NTT Corp. All Rights Reserved zstd:chunked overview l A variant of zstd compression discussed in Podman community. • Proposed by Giuseppe Scrivano, Red Hat: hHps://github.com/containers/storage/pull/775 • Fast decompression by zstd • The idea is based on stargz (i.e. compresses each file separately) l Our lazy pulling implementaOon for zstd:chunked • hHps://github.com/containerd/stargz-snapshoHer/pull/281 l zstd-compressed (non-chunked) layer is start to be supported by recent runOmes • OCI image spec supports since August 2019 • hHps://github.com/opencontainers/image-spec/pull/788 • Containerd (v1.5 beta) supports zstd compressed layers. • CRI-O, Podman (github.com/containers/storage) supports zstd layers. • Docker: In progress hHps://github.com/moby/moby/issues/28394
Copyright(c)2021 NTT Corp. All Rights Reserved The structure of zstd:chunked Figure is from the proposal by Giuseppe Scrivano, Red Hat: hGps://github.com/containers/storage/pull/775 l Seekable: Each file payload is compressed separately so can be extracted separately l Metadata (name, type, owner, …) of all files are stored to the Manifest(= TOC of eStargz/stargz) Ø Filesystem can be mounted without fetching the enUre blob l Manifest(TOC) and Footer are prefixed by skippable frame Ø Invisible to zstd:chunked-agnosUc runUmes (decompressor) l Prefetch is not supported (currently)
Copyright(c)2021 NTT Corp. All Rights Reserved Content Verifica-on in zstd:chunked digest digest digest io.containers.zstd-chunked.manifest-checksum File payload File payload File payload Verified on resolve Verified on mount Verified on each fetch references by digest references by digest OCI Manifest TOC Manifest (metadata of all files) l “lazy” verificaJon based on eStargz • Manifest (TOC; metadata file) records digests of all files payload • Each file payload can be verified when it’s fetched to the node • TOC itself is verified when mounJng that layer using the digest wriPen in the manifest (OCI AnnotaJon)
Copyright(c)2021 NTT Corp. All Rights Reserved Startup (me of eStargz and zstd:chunked
Copyright(c)2021 NTT Corp. All Rights Reserved Time to take for container startup l Measures the container startup ?me which includes: • Pulling an image from GitHub Container Registry • For language container, running “print hello world” program in the container • For server container, wai?ng for the readiness (un?l “up and running” message is printed) • This method is based on Hello Bench [Harter, et al. 2016] l Takes 95 percen?le of 100 opera?ons l Host: EC2 Oregon (m5.2xlarge, Ubuntu 20.04) l Registry: GitHub Container Registry (ghcr.io) l Run?me: containerd + Stargz Snapsho[er (patched for enabling zstd:chunked) • h[ps://github.com/containerd/stargz-snapsho[er/pull/281 • Commit: 47596d33fa737ada970432938e36e9eff93c19f [Harter et al. 2016] Tyler Harter, Brandon Salmon, Rose Liu, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau. "Slacker: Fast Distribu?on with Lazy Docker Containers". 14th USENIX Conference on File and Storage Technologies (FAST ’16). February 22–25, 2016, Santa Clara, CA, USA
Copyright(c)2021 NTT Corp. All Rights Reserved Time to take for container startup [sec] Waits for prefetch compleAon 0 5 10 15 20 25 30 zstd:chunked estargz estargz-noopt legacy gcc:10.2.0 (Compiles and runs prinJ("hello")) pull create run
Copyright(c)2021 NTT Corp. All Rights Reserved Time to take for container startup [sec] Waits for prefetch compleAon 0 5 10 15 20 25 zstd:chunked estargz estargz-noopt legacy tomcat:10.0.0-jdk15-openjdk-buster(runs unAl "Server startup" is printed) pull create run
Copyright(c)2021 NTT Corp. All Rights Reserved Adop%on status of eStargz and zstd:chunked
Copyright(c)2021 NTT Corp. All Rights Reserved Lazy pulling on Kubernetes (eStargz) Nodes Stargz Snapsho9er External process gRPC API kubelet Lazy pull Container Registry Stargz Snapsho9er Stargz Snapsho9er l Lazy pulling can be enabled on Kubernetes without patches (eStargz is only supported currently) l containerd + Stargz SnapshoEer (discussed later) are needed on each node (CRI-O is WIP) l Real-world use-case at CERN for speeding up analysis pipeline [1] (13x faster pull for 5GB image) l On-going integraUon with KinD and k3s • KinD: hEps://github.com/k3s-io/k3s/pull/2936 • k3s: hEps://github.com/kubernetes-sigs/kind/pull/2076 [1] Ricardo Rocha & Spyridon Trigazis, CERN. “Speeding Up Analysis Pipelines with Remote Container Images”. KubeCon+CloudNaUveCon 2020 NA. hEps://sched.co/ekDj image
Copyright(c)2021 NTT Corp. All Rights Reserved Lazy pulling on containerd (eStargz) proc container Node Stargz Snapsho8er Lazy pull Container Registry Fetching files/chunks on demand MounAng rooBs as FUSE l Stargz Snapsho?er plugin enables lazy pulling of eStargz on containerd (zstd:chunked is on-proposal) • Stargz Snapsho?er is developed in a non-core subproject of containerd • h?ps://github.com/containerd/stargz-snapsho?er l Mounts rooJs snapshots from registry as FUSE and downloads accessed file contents on-demand • Mountable from arbitrary remote store by implemenPng dedicated remote snapsho?er l nerdctl (Docker-compaPble CLI for containerd; h?ps://github.com/AkihiroSuda/nerdctl) supports lazy pulling of eStargz on containerd Implemented as a “remote snapsho?er” image
Copyright(c)2021 NTT Corp. All Rights Reserved FROM ghcr.io/stargz-containers/golang:1.15.3-esgz as dev COPY ./hello.go /hello.go RUN go build -o hello /hello.go COPY and RUN without wai2ng for the pull comple2on Container Registry Lazy pulling on BuildKit (eStargz) golang:1.15.3-esgz • /usr/local/go/bin/go • /usr/local/go/src/fmt/… etc... Fetch files/chunks on demand Build on node Lazy pull l BuildKit > v0.8.0 experimentally supports lazy pulling of eStargz base images during build • FROM instrucMon is skipped and chunks are lazily pulled on-demand during COPY/RUN/etc. l Can shorten the Mme of build e.g. on temporary (and fresh) CI instances with big base images. l More details at blog: hVps://medium.com/nVlabs/buildkit-lazypull-66c37690963f • speeding up building ”hello world” image from tens of seconds to a few seconds at the best image
Copyright(c)2021 NTT Corp. All Rights Reserved Lazy pulling on Podman & CRI-O (eStargz,zstd:chunked) [WIP] l AddiFonal layer store enables lazy pulling on Podman and CRI-O • Patches are WIP: hGps://github.com/containers/storage/pull/795 l Podman/CRI-O use layers provided by addiLonal layer store for rooNs instead of pulling the image from the registry Node AddiFonal Layer Store Lazy pull Remote Store proc container Provides layers Podman, CRI-O Using layers for rooKs image
Copyright(c)2021 NTT Corp. All Rights Reserved Discussion status of addi-onal layer store l Our PoC of addi@onal layer store: hCps://github.com/containerd/stargz-snapshoCer/pull/281 • Lazily pulls eStargz and zstd:chunked from the standard container registries • Mounts image layers from the registry to the node l On-going discussions: • chunk verifica@on, expor@ng layers from addi@onal layer store, and GC Node proc container Moun-ng layers as FUSE Podman, CRI-O Using layers for rooFs Addi-onal Layer Store Lazy pull Container Registry Fetching files/chunks on demand image
Copyright(c)2021 NTT Corp. All Rights Reserved Demo Podman + Addi@onal Layer Store PoC + zstd:chunked
Copyright(c)2021 NTT Corp. All Rights Reserved Updates will come in 2021 Standardizing Lazy pulling l eStargz is proposed to OCI Image Spec l Discussion is on-going l Backward-compaHble extensions hKps://github.com/opencontainers/image-spec/issues/815 Enabling lazy pulling in more projects hKps://github.com/containerd/stargz-snapshoKer/issues/258 l KinD: hKps://github.com/kubernetes-sigs/kind/pull/2076 l K3s: hKps://github.com/k3s-io/k3s/pull/2936 Features and improvements for stabilizing Stargz SnapshoAer & AddiDonal Layer Store l Less-privileged authenHcaHon on Kubernetes: hKps://github.com/containerd/containerd/issues/5105 l Higher availability of Stargz SnapshoKer (mounHng images from mulHple backend registries) l Improvements on memory consumpHon of Stargz SnapshoKer l Speeding up image conversion l StaHc opHmizaHon of images l etc…
Copyright(c)2021 NTT Corp. All Rights Reserved Summary l Pull is one of the ?me-consuming steps in the container lifecycle l OCI-alterna?ve but OCI-compa?ble image formats are trying to solve it by lazy pulling • Legacy (lazy-pull-agnos?c) run?mes can run them (zstd requires recent run?mes). • eStargz by containerd Stargz SnapshoJer subproject • zstd:chunked discussed in Podman community l Collabora6on in community • Lazy pulling (eStargz) is available on: containerd, Kubernetes, BuildKit, Kaniko, go-containerregistry, nerdctl • On-going discussion of “Addi6onal Layer Store” feature to enable lazy pulling on Podman and CRI-O • hJps://github.com/containers/storage/pull/795 l On-going in 2021: Standardizing eStargz in OCI and improvements for stabilizing Stargz SnapshoJer

Recomendados

Faster Container Image Distribution on a Variety of Tools with Lazy Pulling
Faster Container Image Distribution on a Variety of Tools with Lazy PullingFaster Container Image Distribution on a Variety of Tools with Lazy Pulling
Faster Container Image Distribution on a Variety of Tools with Lazy PullingKohei Tokunaga
 
eStargzイメージとlazy pullingによる高速なコンテナ起動
eStargzイメージとlazy pullingによる高速なコンテナ起動eStargzイメージとlazy pullingによる高速なコンテナ起動
eStargzイメージとlazy pullingによる高速なコンテナ起動Kohei Tokunaga
 
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...Akihiro Suda
 
Terraform
TerraformTerraform
TerraformAdam Vincze
 
USENIX ATC 2017: Visualizing Performance with Flame Graphs
USENIX ATC 2017: Visualizing Performance with Flame GraphsUSENIX ATC 2017: Visualizing Performance with Flame Graphs
USENIX ATC 2017: Visualizing Performance with Flame GraphsBrendan Gregg
 
P2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlP2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlKohei Tokunaga
 
BuildKitの概要と最近の機能
BuildKitの概要と最近の機能BuildKitの概要と最近の機能
BuildKitの概要と最近の機能Kohei Tokunaga
 
root権限無しでKubernetesを動かす
root権限無しでKubernetesを動かす root権限無しでKubernetesを動かす
root権限無しでKubernetesを動かす Akihiro Suda
 

Recomendados

Faster Container Image Distribution on a Variety of Tools with Lazy Pulling
Faster Container Image Distribution on a Variety of Tools with Lazy PullingFaster Container Image Distribution on a Variety of Tools with Lazy Pulling
Faster Container Image Distribution on a Variety of Tools with Lazy PullingKohei Tokunaga
 
eStargzイメージとlazy pullingによる高速なコンテナ起動
eStargzイメージとlazy pullingによる高速なコンテナ起動eStargzイメージとlazy pullingによる高速なコンテナ起動
eStargzイメージとlazy pullingによる高速なコンテナ起動Kohei Tokunaga
 
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...Akihiro Suda
 
Terraform
TerraformTerraform
TerraformAdam Vincze
 
USENIX ATC 2017: Visualizing Performance with Flame Graphs
USENIX ATC 2017: Visualizing Performance with Flame GraphsUSENIX ATC 2017: Visualizing Performance with Flame Graphs
USENIX ATC 2017: Visualizing Performance with Flame GraphsBrendan Gregg
 
P2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlP2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlKohei Tokunaga
 
BuildKitの概要と最近の機能
BuildKitの概要と最近の機能BuildKitの概要と最近の機能
BuildKitの概要と最近の機能Kohei Tokunaga
 
root権限無しでKubernetesを動かす
root権限無しでKubernetesを動かす root権限無しでKubernetesを動かす
root権限無しでKubernetesを動かす Akihiro Suda
 
PostgreSQLをKubernetes上で活用するためのOperator紹介!(Cloud Native Database Meetup #3 発表資料)
PostgreSQLをKubernetes上で活用するためのOperator紹介!(Cloud Native Database Meetup #3 発表資料)PostgreSQLをKubernetes上で活用するためのOperator紹介!(Cloud Native Database Meetup #3 発表資料)
PostgreSQLをKubernetes上で活用するためのOperator紹介!(Cloud Native Database Meetup #3 発表資料)NTT DATA Technology & Innovation
 
containerdの概要と最近の機能
containerdの概要と最近の機能containerdの概要と最近の機能
containerdの概要と最近の機能Kohei Tokunaga
 
Comparing Next-Generation Container Image Building Tools
Comparing Next-Generation Container Image Building Tools Comparing Next-Generation Container Image Building Tools
Comparing Next-Generation Container Image Building ToolsAkihiro Suda
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerFrederik Mogensen
 
コンテナ未経験新人が学ぶコンテナ技術入門
コンテナ未経験新人が学ぶコンテナ技術入門コンテナ未経験新人が学ぶコンテナ技術入門
コンテナ未経験新人が学ぶコンテナ技術入門Kohei Tokunaga
 
GDG Cloud Southlake #8 Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...
GDG Cloud Southlake #8 Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...GDG Cloud Southlake #8 Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...
GDG Cloud Southlake #8 Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...James Anderson
 
From DTrace to Linux
From DTrace to LinuxFrom DTrace to Linux
From DTrace to LinuxBrendan Gregg
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux NetworkingPLUMgrid
 
Rootless Containers
Rootless ContainersRootless Containers
Rootless ContainersAkihiro Suda
 
PGOを用いたPostgreSQL on Kubernetes入門(PostgreSQL Conference Japan 2022 発表資料)
PGOを用いたPostgreSQL on Kubernetes入門(PostgreSQL Conference Japan 2022 発表資料)PGOを用いたPostgreSQL on Kubernetes入門(PostgreSQL Conference Japan 2022 発表資料)
PGOを用いたPostgreSQL on Kubernetes入門(PostgreSQL Conference Japan 2022 発表資料)NTT DATA Technology & Innovation
 
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用Motonori Shindo
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020Akihiro Suda
 
高速にコンテナを起動できるイメージフォーマット
高速にコンテナを起動できるイメージフォーマット高速にコンテナを起動できるイメージフォーマット
高速にコンテナを起動できるイメージフォーマットAkihiro Suda
 
今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみた今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみたKohei Tokunaga
 
Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)
Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)
Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)NTT DATA Technology & Innovation
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX ContainerAraf Karsh Hamid
 
Effective terraform
Effective terraformEffective terraform
Effective terraformCalvin French-Owen
 
Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Akihiro Suda
 
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)Lee Myring
 
コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線Motonori Shindo
 
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...Kohei Tokunaga
 
Startup Containers in Lightning Speed with Lazy Image Distribution
Startup Containers in Lightning Speed with Lazy Image DistributionStartup Containers in Lightning Speed with Lazy Image Distribution
Startup Containers in Lightning Speed with Lazy Image DistributionKohei Tokunaga
 

Más contenido relacionado

La actualidad más candente

PostgreSQLをKubernetes上で活用するためのOperator紹介!(Cloud Native Database Meetup #3 発表資料)
PostgreSQLをKubernetes上で活用するためのOperator紹介!(Cloud Native Database Meetup #3 発表資料)PostgreSQLをKubernetes上で活用するためのOperator紹介!(Cloud Native Database Meetup #3 発表資料)
PostgreSQLをKubernetes上で活用するためのOperator紹介!(Cloud Native Database Meetup #3 発表資料)NTT DATA Technology & Innovation
 
containerdの概要と最近の機能
containerdの概要と最近の機能containerdの概要と最近の機能
containerdの概要と最近の機能Kohei Tokunaga
 
Comparing Next-Generation Container Image Building Tools
Comparing Next-Generation Container Image Building Tools Comparing Next-Generation Container Image Building Tools
Comparing Next-Generation Container Image Building ToolsAkihiro Suda
 
コンテナ未経験新人が学ぶコンテナ技術入門
コンテナ未経験新人が学ぶコンテナ技術入門コンテナ未経験新人が学ぶコンテナ技術入門
コンテナ未経験新人が学ぶコンテナ技術入門Kohei Tokunaga
 
GDG Cloud Southlake #8 Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...
GDG Cloud Southlake #8 Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...GDG Cloud Southlake #8 Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...
GDG Cloud Southlake #8 Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...James Anderson
 
From DTrace to Linux
From DTrace to LinuxFrom DTrace to Linux
From DTrace to LinuxBrendan Gregg
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux NetworkingPLUMgrid
 
Rootless Containers
Rootless ContainersRootless Containers
Rootless ContainersAkihiro Suda
 
PGOを用いたPostgreSQL on Kubernetes入門(PostgreSQL Conference Japan 2022 発表資料)
PGOを用いたPostgreSQL on Kubernetes入門(PostgreSQL Conference Japan 2022 発表資料)PGOを用いたPostgreSQL on Kubernetes入門(PostgreSQL Conference Japan 2022 発表資料)
PGOを用いたPostgreSQL on Kubernetes入門(PostgreSQL Conference Japan 2022 発表資料)NTT DATA Technology & Innovation
 
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用Motonori Shindo
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020Akihiro Suda
 
高速にコンテナを起動できるイメージフォーマット
高速にコンテナを起動できるイメージフォーマット高速にコンテナを起動できるイメージフォーマット
高速にコンテナを起動できるイメージフォーマットAkihiro Suda
 
今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみた今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみたKohei Tokunaga
 
Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)
Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)
Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)NTT DATA Technology & Innovation
 
Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Akihiro Suda
 
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)Lee Myring
 
コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線Motonori Shindo
 

La actualidad más candente (20)

PostgreSQLをKubernetes上で活用するためのOperator紹介!(Cloud Native Database Meetup #3 発表資料)
PostgreSQLをKubernetes上で活用するためのOperator紹介!(Cloud Native Database Meetup #3 発表資料)PostgreSQLをKubernetes上で活用するためのOperator紹介!(Cloud Native Database Meetup #3 発表資料)
PostgreSQLをKubernetes上で活用するためのOperator紹介!(Cloud Native Database Meetup #3 発表資料)
 
containerdの概要と最近の機能
containerdの概要と最近の機能containerdの概要と最近の機能
containerdの概要と最近の機能
 
Comparing Next-Generation Container Image Building Tools
Comparing Next-Generation Container Image Building Tools Comparing Next-Generation Container Image Building Tools
Comparing Next-Generation Container Image Building Tools
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
 
コンテナ未経験新人が学ぶコンテナ技術入門
コンテナ未経験新人が学ぶコンテナ技術入門コンテナ未経験新人が学ぶコンテナ技術入門
コンテナ未経験新人が学ぶコンテナ技術入門
 
GDG Cloud Southlake #8 Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...
GDG Cloud Southlake #8 Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...GDG Cloud Southlake #8 Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...
GDG Cloud Southlake #8 Steve Cravens: Infrastructure as-Code (IaC) in 2022: ...
 
From DTrace to Linux
From DTrace to LinuxFrom DTrace to Linux
From DTrace to Linux
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux Networking
 
Rootless Containers
Rootless ContainersRootless Containers
Rootless Containers
 
PGOを用いたPostgreSQL on Kubernetes入門(PostgreSQL Conference Japan 2022 発表資料)
PGOを用いたPostgreSQL on Kubernetes入門(PostgreSQL Conference Japan 2022 発表資料)PGOを用いたPostgreSQL on Kubernetes入門(PostgreSQL Conference Japan 2022 発表資料)
PGOを用いたPostgreSQL on Kubernetes入門(PostgreSQL Conference Japan 2022 発表資料)
 
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
Cluster API によるKubernetes環境のライフサイクル管理とマルチクラウド環境での適用
 
[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020[KubeCon NA 2020] containerd: Rootless Containers 2020
[KubeCon NA 2020] containerd: Rootless Containers 2020
 
高速にコンテナを起動できるイメージフォーマット
高速にコンテナを起動できるイメージフォーマット高速にコンテナを起動できるイメージフォーマット
高速にコンテナを起動できるイメージフォーマット
 
今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみた今話題のいろいろなコンテナランタイムを比較してみた
今話題のいろいろなコンテナランタイムを比較してみた
 
Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)
Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)
Apache Spark on Kubernetes入門(Open Source Conference 2021 Online Hiroshima 発表資料)
 
Docker, LinuX Container
Docker, LinuX ContainerDocker, LinuX Container
Docker, LinuX Container
 
Effective terraform
Effective terraformEffective terraform
Effective terraform
 
Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Dockerからcontainerdへの移行
Dockerからcontainerdへの移行
 
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)
 
コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線コンテナネットワーキング(CNI)最前線
コンテナネットワーキング(CNI)最前線
 

Similar a Starting up Containers Super Fast With Lazy Pulling of Images

Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...Kohei Tokunaga
 
Startup Containers in Lightning Speed with Lazy Image Distribution
Startup Containers in Lightning Speed with Lazy Image DistributionStartup Containers in Lightning Speed with Lazy Image Distribution
Startup Containers in Lightning Speed with Lazy Image DistributionKohei Tokunaga
 
[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container imagesAkihiro Suda
 
FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...
FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...
FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...Akihiro Suda
 
The overview of lazypull with containerd Remote Snapshotter & Stargz Snapshotter
The overview of lazypull with containerd Remote Snapshotter & Stargz SnapshotterThe overview of lazypull with containerd Remote Snapshotter & Stargz Snapshotter
The overview of lazypull with containerd Remote Snapshotter & Stargz SnapshotterKohei Tokunaga
 
Ippevent : openshift Introduction
Ippevent : openshift IntroductionIppevent : openshift Introduction
Ippevent : openshift Introductionkanedafromparis
 
BuildKitでLazy Pullを有効にしてビルドを早くする話
BuildKitでLazy Pullを有効にしてビルドを早くする話BuildKitでLazy Pullを有効にしてビルドを早くする話
BuildKitでLazy Pullを有効にしてビルドを早くする話Kohei Tokunaga
 
Scale11x lxc talk
Scale11x lxc talkScale11x lxc talk
Scale11x lxc talkdotCloud
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned RightScale
 
[KubeCon EU 2020] containerd Deep Dive
[KubeCon EU 2020] containerd Deep Dive[KubeCon EU 2020] containerd Deep Dive
[KubeCon EU 2020] containerd Deep DiveAkihiro Suda
 
Git Presentation - Purple Scout AB Malmö
Git Presentation - Purple Scout AB MalmöGit Presentation - Purple Scout AB Malmö
Git Presentation - Purple Scout AB MalmöEmil Erlandsson
 
Infinit filesystem, Reactor reloaded
Infinit filesystem, Reactor reloadedInfinit filesystem, Reactor reloaded
Infinit filesystem, Reactor reloadedInfinit
 
Continuous delivery workflow with Docker
Continuous delivery workflow with DockerContinuous delivery workflow with Docker
Continuous delivery workflow with DockerIgor Moochnick
 
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...Akihiro Suda
 
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)JiandSon
 
LXC Containers and AUFs
LXC Containers and AUFsLXC Containers and AUFs
LXC Containers and AUFsDocker, Inc.
 
Pune-Cocoa: Blocks and GCD
Pune-Cocoa: Blocks and GCDPune-Cocoa: Blocks and GCD
Pune-Cocoa: Blocks and GCDPrashant Rane
 

Similar a Starting up Containers Super Fast With Lazy Pulling of Images (20)

Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
 
Startup Containers in Lightning Speed with Lazy Image Distribution
Startup Containers in Lightning Speed with Lazy Image DistributionStartup Containers in Lightning Speed with Lazy Image Distribution
Startup Containers in Lightning Speed with Lazy Image Distribution
 
[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images
 
FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...
FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...
FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...
 
The overview of lazypull with containerd Remote Snapshotter & Stargz Snapshotter
The overview of lazypull with containerd Remote Snapshotter & Stargz SnapshotterThe overview of lazypull with containerd Remote Snapshotter & Stargz Snapshotter
The overview of lazypull with containerd Remote Snapshotter & Stargz Snapshotter
 
Docker_AGH_v0.1.3
Docker_AGH_v0.1.3Docker_AGH_v0.1.3
Docker_AGH_v0.1.3
 
Ippevent : openshift Introduction
Ippevent : openshift IntroductionIppevent : openshift Introduction
Ippevent : openshift Introduction
 
BuildKitでLazy Pullを有効にしてビルドを早くする話
BuildKitでLazy Pullを有効にしてビルドを早くする話BuildKitでLazy Pullを有効にしてビルドを早くする話
BuildKitでLazy Pullを有効にしてビルドを早くする話
 
Scale11x lxc talk
Scale11x lxc talkScale11x lxc talk
Scale11x lxc talk
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned
 
[KubeCon EU 2020] containerd Deep Dive
[KubeCon EU 2020] containerd Deep Dive[KubeCon EU 2020] containerd Deep Dive
[KubeCon EU 2020] containerd Deep Dive
 
Git Presentation - Purple Scout AB Malmö
Git Presentation - Purple Scout AB MalmöGit Presentation - Purple Scout AB Malmö
Git Presentation - Purple Scout AB Malmö
 
Infinit filesystem, Reactor reloaded
Infinit filesystem, Reactor reloadedInfinit filesystem, Reactor reloaded
Infinit filesystem, Reactor reloaded
 
Continuous delivery workflow with Docker
Continuous delivery workflow with DockerContinuous delivery workflow with Docker
Continuous delivery workflow with Docker
 
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
 
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
2013.02.02 지앤선 테크니컬 세미나 - Xcode를 활용한 디버깅 팁(OSXDEV)
 
Debugging ZFS: From Illumos to Linux
Debugging ZFS: From Illumos to LinuxDebugging ZFS: From Illumos to Linux
Debugging ZFS: From Illumos to Linux
 
LXC Containers and AUFs
LXC Containers and AUFsLXC Containers and AUFs
LXC Containers and AUFs
 
Pune-Cocoa: Blocks and GCD
Pune-Cocoa: Blocks and GCDPune-Cocoa: Blocks and GCD
Pune-Cocoa: Blocks and GCD
 
Docker.io
Docker.ioDocker.io
Docker.io
 

Más de Kohei Tokunaga

Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Kohei Tokunaga
 
Introduction and Deep Dive Into Containerd
Introduction and Deep Dive Into ContainerdIntroduction and Deep Dive Into Containerd
Introduction and Deep Dive Into ContainerdKohei Tokunaga
 
DockerとKubernetesをかけめぐる
DockerとKubernetesをかけめぐるDockerとKubernetesをかけめぐる
DockerとKubernetesをかけめぐるKohei Tokunaga
 
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動するStargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動するKohei Tokunaga
 
Stargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動するStargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動するKohei Tokunaga
 
OCIランタイムの筆頭「runc」を俯瞰する
OCIランタイムの筆頭「runc」を俯瞰するOCIランタイムの筆頭「runc」を俯瞰する
OCIランタイムの筆頭「runc」を俯瞰するKohei Tokunaga
 
OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!
OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!
OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!Kohei Tokunaga
 
5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェスト
5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェスト5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェスト
5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェストKohei Tokunaga
 

Más de Kohei Tokunaga (8)

Dockerからcontainerdへの移行
Dockerからcontainerdへの移行Dockerからcontainerdへの移行
Dockerからcontainerdへの移行
 
Introduction and Deep Dive Into Containerd
Introduction and Deep Dive Into ContainerdIntroduction and Deep Dive Into Containerd
Introduction and Deep Dive Into Containerd
 
DockerとKubernetesをかけめぐる
DockerとKubernetesをかけめぐるDockerとKubernetesをかけめぐる
DockerとKubernetesをかけめぐる
 
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動するStargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略しcontainerdでコンテナを高速に起動する
 
Stargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動するStargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動する
Stargz Snapshotter: イメージのpullを省略してcontainerdでコンテナを高速に起動する
 
OCIランタイムの筆頭「runc」を俯瞰する
OCIランタイムの筆頭「runc」を俯瞰するOCIランタイムの筆頭「runc」を俯瞰する
OCIランタイムの筆頭「runc」を俯瞰する
 
OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!
OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!
OCIv2?!軽量高速なイケてる次世代イメージ仕様の最新動向を抑えよう!
 
5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェスト
5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェスト5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェスト
5分で振り返るKubeCon EU 2019:ランタイムとイメージの話題ダイジェスト
 

Último

WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2
 
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...chiefasafspells
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
tonesoftg
tonesoftgtonesoftg
tonesoftglanshi9
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareJim McKeeth
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...masabamasaba
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...masabamasaba
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...masabamasaba
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Bert Jan Schrijver
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 

Último (20)

WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 

Starting up Containers Super Fast With Lazy Pulling of Images

  • 1. Copyright(c)2021 NTT Corp. All Rights Reserved Star%ng up Containers Super Fast With Lazy Pulling of Images Kohei Tokunaga, NTT Corporation Container Plumbing Days (March 10)
  • 2. Copyright(c)2021 NTT Corp. All Rights Reserved TL;DR l Pull is one of the ?me-consuming steps in the container lifecycle l OCI-alterna?ve but OCI-compa?ble image formats are trying to solve it by lazy pulling • Legacy (lazy-pull-agnos?c) run?mes can run them (zstd requires recent run?mes). • eStargz by containerd Stargz SnapshoJer subproject • zstd:chunked discussed in Podman community l Collabora9on in community • Lazy pulling (eStargz) is available on: containerd, Kubernetes, BuildKit, Kaniko, go-containerregistry, nerdctl • On-going discussion of “Addi9onal Layer Store” feature to enable lazy pulling on Podman and CRI-O • hJps://github.com/containers/storage/pull/795 l On-going in 2021: Standardizing eStargz in OCI and improvements for stabilizing Stargz SnapshoJer Host: EC2 Oregon (m5.2xlarge, Ubuntu 20.04) Registry: GitHub Container Registry (ghcr.io) Run?me: containerd + Stargz SnapshoJer (47596d3) (See detailed info in the later slides) [sec] 0 5 10 15 20 25 30 zstd:chunked estargz estargz-noopt legacy gcc:10.2.0 (Compiles and runs printf("hello")) pull create run
  • 3. Copyright(c)2021 NTT Corp. All Rights Reserved Pull is 'me-consuming pulling packages accounts for 76% of container start Cme, but only 6.4% of that data is read [Harter et al. 2016] [Harter et al. 2016] Tyler Harter, Brandon Salmon, Rose Liu, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau. "Slacker: Fast DistribuCon with Lazy Docker Containers". 14th USENIX Conference on File and Storage Technologies (FAST ’16). February 22–25, 2016, Santa Clara, CA, USA Caching images Minimizing image size Cold start is still slow Not all images are minimizable Language runtimes, frameworks, etc. Workarounds are known but not enough Node Registry Image Container pull run
  • 4. Copyright(c)2021 NTT Corp. All Rights Reserved Problem on the current OCI/Docker image sha256:deadbeaf… sha256:1a3b5c… sha256:ffe63c… sha256:6ccde1… GET /v2/<image-name>/blobs/ bin/bash bin/ls etc/passwd etc/group usr/bin/apt layer = tarball (+compression) A container is a set of tarball layers A container can’t be started until the all layers become locally available l Need to scan the entire blob even for extracting single file entry • If the blob is gzip-compressed, it’s non-seekable anymore l No parallel extraction • Need to scan the blob from the top, sequentially
  • 5. Copyright(c)2021 NTT Corp. All Rights Reserved Alterna(ve image formats: eStargz and zstd:chunked OCI run?mes Container Registry lazypull doesn’t download the entire image on pull operation but fetches necessary chunks of contents on-demand eStargz zstd:chunked BuildKit l Enable lazy pulling of container images from the registry l Compa?ble to OCI Image Specifica?on so lazy-pulling-agnos(c run(mes s(ll can run them • eStargz by containerd Stargz SnapshoJer subproject is compa?ble to gzip layers • zstd:chunked discussed in Podman community is compa?ble to zstd layers • Note: zstd requires recent run?mes (discussed later) CRI-O Podman
  • 6. Copyright(c)2021 NTT Corp. All Rights Reserved eStargz
  • 7. Copyright(c)2021 NTT Corp. All Rights Reserved eStargz overview l A variant of gzip compression. Compa@ble to RFC1952 (gzip) • Proposed by containerd Stargz SnapshoGer hGps://github.com/containerd/stargz-snapshoGer • Based on the stargz by Google CRFS (hGps://github.com/google/crfs) • eStargz comes with content verifica@on and performance op@miza@on l gzip-compressed layer is supported by OCI/Docker Image Spec and common in the current ecosystem • Legacy (lazy-pulling-agnos@c) run@mes s@ll can run eStargz (but without lazy pulling) l Lazy pulling of eStargz starts to be supported in community • Crea@ng eStargz: Kaniko, nerdctl, go-containerregistry, etc. • Lazy pulling of eStargz: containerd (and Kubernetes), BuildKit • Tracking at hGps://github.com/containerd/stargz-snapshoGer/issues/258
  • 8. Copyright(c)2021 NTT Corp. All Rights Reserved The structure of eStargz l Seekable: Each file payload is compressed separately so can be extracted separately • SEll compaEble to RFC 1952 (gzip) • Each file/chunk can be fetched from the registry on-demand, using HTTP Range Request l Metadata (name, type, owner, …) of all files are stored to TOC (Table Of Contents) entry • Filesystem can be mounted without fetching the enEre blob l PrioriAzed files enables to prefetch likely accessed files ⚠ eStargz is incompaEble to stargz: “footer” is changed to make eStargz compaEble to RFC 1952 eStargz bin/ls usr/bin/apt entrypoint.sh bin/bash PrioriAzed files Prefetched by a single HTTP Range Request TOC(Table Of Contents) and footer l TOC contains files metadata, offset, etc… l footer contains offset of TOC ⚠ footer is incompaEble to stargz Files fetched on demand Can also be aggressively downloadeed in background gzip member per regular file/chunk Each chunk can be fetched and extracted separately, using HTTP Range Request of registry stargz bin/ls usr/bin/apt entrypoint.sh bin/bash For more details: hUps://github.com/containerd/stargz-snapshoUer/blob/master/docs/stargz-estargz.md
  • 9. Copyright(c)2021 NTT Corp. All Rights Reserved Workload-based Op/miza/on proc container Input image Output image Convert & Op/mize Profile file access l Downloading each file/chunk on-demand costs extra overhead on each file access. l Leveraging eStargz, CLI converter command ctr-remote provides workload-based op/miza/on • Workload: entrypoint, envvar, etc… specified in Dockerfile (e.g. ENTRYPOINT) l ctr-remote (opRmizer tool) analyzes which files are likely accessed during runRme • Runs provided image and profiles all file accesses • Regards accessed files are also likely accessed during runRme (= priori/zed files) • Stargz SnapshoTer will prefetch these files when mounts this image eStargz For more details: hTps://github.com/containerd/stargz-snapshoTer/blob/master/docs/ctr-remote.md
  • 10. Copyright(c)2021 NTT Corp. All Rights Reserved Content Verifica-on in eStargz chunkDigest chunkDigest chunkDigest containerd.io/snapshot/stargz/toc.digest file/chunk data file/chunk data file/chunk data Verified on resolve Verified on mount Verified on each fetch references by digest references by digest OCI Manifest TOC (metadata of all files) l Chunks are lazily pulled from registry on-demand • so they cannot verified when mounKng the layer l Chunks are “lazily” verified • TOC (metadata file) records digests per chunk • Each chunk can be verified when it’s fetched to the node • TOC itself is verified when mounKng that layer using the digest wriPen in the manifest (OCI AnnotaKon) For more details: hPps://github.com/containerd/stargz-snapshoPer/blob/master/docs/verificaKon.md (the above figure is from this doc)
  • 11. Copyright(c)2021 NTT Corp. All Rights Reserved Discussion status of zstd:chunked
  • 12. Copyright(c)2021 NTT Corp. All Rights Reserved zstd:chunked overview l A variant of zstd compression discussed in Podman community. • Proposed by Giuseppe Scrivano, Red Hat: hHps://github.com/containers/storage/pull/775 • Fast decompression by zstd • The idea is based on stargz (i.e. compresses each file separately) l Our lazy pulling implementaOon for zstd:chunked • hHps://github.com/containerd/stargz-snapshoHer/pull/281 l zstd-compressed (non-chunked) layer is start to be supported by recent runOmes • OCI image spec supports since August 2019 • hHps://github.com/opencontainers/image-spec/pull/788 • Containerd (v1.5 beta) supports zstd compressed layers. • CRI-O, Podman (github.com/containers/storage) supports zstd layers. • Docker: In progress hHps://github.com/moby/moby/issues/28394
  • 13. Copyright(c)2021 NTT Corp. All Rights Reserved The structure of zstd:chunked Figure is from the proposal by Giuseppe Scrivano, Red Hat: hGps://github.com/containers/storage/pull/775 l Seekable: Each file payload is compressed separately so can be extracted separately l Metadata (name, type, owner, …) of all files are stored to the Manifest(= TOC of eStargz/stargz) Ø Filesystem can be mounted without fetching the enUre blob l Manifest(TOC) and Footer are prefixed by skippable frame Ø Invisible to zstd:chunked-agnosUc runUmes (decompressor) l Prefetch is not supported (currently)
  • 14. Copyright(c)2021 NTT Corp. All Rights Reserved Content Verifica-on in zstd:chunked digest digest digest io.containers.zstd-chunked.manifest-checksum File payload File payload File payload Verified on resolve Verified on mount Verified on each fetch references by digest references by digest OCI Manifest TOC Manifest (metadata of all files) l “lazy” verificaJon based on eStargz • Manifest (TOC; metadata file) records digests of all files payload • Each file payload can be verified when it’s fetched to the node • TOC itself is verified when mounJng that layer using the digest wriPen in the manifest (OCI AnnotaJon)
  • 15. Copyright(c)2021 NTT Corp. All Rights Reserved Startup (me of eStargz and zstd:chunked
  • 16. Copyright(c)2021 NTT Corp. All Rights Reserved Time to take for container startup l Measures the container startup ?me which includes: • Pulling an image from GitHub Container Registry • For language container, running “print hello world” program in the container • For server container, wai?ng for the readiness (un?l “up and running” message is printed) • This method is based on Hello Bench [Harter, et al. 2016] l Takes 95 percen?le of 100 opera?ons l Host: EC2 Oregon (m5.2xlarge, Ubuntu 20.04) l Registry: GitHub Container Registry (ghcr.io) l Run?me: containerd + Stargz Snapsho[er (patched for enabling zstd:chunked) • h[ps://github.com/containerd/stargz-snapsho[er/pull/281 • Commit: 47596d33fa737ada970432938e36e9eff93c19f [Harter et al. 2016] Tyler Harter, Brandon Salmon, Rose Liu, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau. "Slacker: Fast Distribu?on with Lazy Docker Containers". 14th USENIX Conference on File and Storage Technologies (FAST ’16). February 22–25, 2016, Santa Clara, CA, USA
  • 17. Copyright(c)2021 NTT Corp. All Rights Reserved Time to take for container startup [sec] Waits for prefetch compleAon 0 5 10 15 20 25 30 zstd:chunked estargz estargz-noopt legacy gcc:10.2.0 (Compiles and runs prinJ("hello")) pull create run
  • 18. Copyright(c)2021 NTT Corp. All Rights Reserved Time to take for container startup [sec] Waits for prefetch compleAon 0 5 10 15 20 25 zstd:chunked estargz estargz-noopt legacy tomcat:10.0.0-jdk15-openjdk-buster(runs unAl "Server startup" is printed) pull create run
  • 19. Copyright(c)2021 NTT Corp. All Rights Reserved Adop%on status of eStargz and zstd:chunked
  • 20. Copyright(c)2021 NTT Corp. All Rights Reserved Lazy pulling on Kubernetes (eStargz) Nodes Stargz Snapsho9er External process gRPC API kubelet Lazy pull Container Registry Stargz Snapsho9er Stargz Snapsho9er l Lazy pulling can be enabled on Kubernetes without patches (eStargz is only supported currently) l containerd + Stargz SnapshoEer (discussed later) are needed on each node (CRI-O is WIP) l Real-world use-case at CERN for speeding up analysis pipeline [1] (13x faster pull for 5GB image) l On-going integraUon with KinD and k3s • KinD: hEps://github.com/k3s-io/k3s/pull/2936 • k3s: hEps://github.com/kubernetes-sigs/kind/pull/2076 [1] Ricardo Rocha & Spyridon Trigazis, CERN. “Speeding Up Analysis Pipelines with Remote Container Images”. KubeCon+CloudNaUveCon 2020 NA. hEps://sched.co/ekDj image
  • 21. Copyright(c)2021 NTT Corp. All Rights Reserved Lazy pulling on containerd (eStargz) proc container Node Stargz Snapsho8er Lazy pull Container Registry Fetching files/chunks on demand MounAng rooBs as FUSE l Stargz Snapsho?er plugin enables lazy pulling of eStargz on containerd (zstd:chunked is on-proposal) • Stargz Snapsho?er is developed in a non-core subproject of containerd • h?ps://github.com/containerd/stargz-snapsho?er l Mounts rooJs snapshots from registry as FUSE and downloads accessed file contents on-demand • Mountable from arbitrary remote store by implemenPng dedicated remote snapsho?er l nerdctl (Docker-compaPble CLI for containerd; h?ps://github.com/AkihiroSuda/nerdctl) supports lazy pulling of eStargz on containerd Implemented as a “remote snapsho?er” image
  • 22. Copyright(c)2021 NTT Corp. All Rights Reserved FROM ghcr.io/stargz-containers/golang:1.15.3-esgz as dev COPY ./hello.go /hello.go RUN go build -o hello /hello.go COPY and RUN without wai2ng for the pull comple2on Container Registry Lazy pulling on BuildKit (eStargz) golang:1.15.3-esgz • /usr/local/go/bin/go • /usr/local/go/src/fmt/… etc... Fetch files/chunks on demand Build on node Lazy pull l BuildKit > v0.8.0 experimentally supports lazy pulling of eStargz base images during build • FROM instrucMon is skipped and chunks are lazily pulled on-demand during COPY/RUN/etc. l Can shorten the Mme of build e.g. on temporary (and fresh) CI instances with big base images. l More details at blog: hVps://medium.com/nVlabs/buildkit-lazypull-66c37690963f • speeding up building ”hello world” image from tens of seconds to a few seconds at the best image
  • 23. Copyright(c)2021 NTT Corp. All Rights Reserved Lazy pulling on Podman & CRI-O (eStargz,zstd:chunked) [WIP] l AddiFonal layer store enables lazy pulling on Podman and CRI-O • Patches are WIP: hGps://github.com/containers/storage/pull/795 l Podman/CRI-O use layers provided by addiLonal layer store for rooNs instead of pulling the image from the registry Node AddiFonal Layer Store Lazy pull Remote Store proc container Provides layers Podman, CRI-O Using layers for rooKs image
  • 24. Copyright(c)2021 NTT Corp. All Rights Reserved Discussion status of addi-onal layer store l Our PoC of addi@onal layer store: hCps://github.com/containerd/stargz-snapshoCer/pull/281 • Lazily pulls eStargz and zstd:chunked from the standard container registries • Mounts image layers from the registry to the node l On-going discussions: • chunk verifica@on, expor@ng layers from addi@onal layer store, and GC Node proc container Moun-ng layers as FUSE Podman, CRI-O Using layers for rooFs Addi-onal Layer Store Lazy pull Container Registry Fetching files/chunks on demand image
  • 25. Copyright(c)2021 NTT Corp. All Rights Reserved Demo Podman + Addi@onal Layer Store PoC + zstd:chunked
  • 26. Copyright(c)2021 NTT Corp. All Rights Reserved Updates will come in 2021 Standardizing Lazy pulling l eStargz is proposed to OCI Image Spec l Discussion is on-going l Backward-compaHble extensions hKps://github.com/opencontainers/image-spec/issues/815 Enabling lazy pulling in more projects hKps://github.com/containerd/stargz-snapshoKer/issues/258 l KinD: hKps://github.com/kubernetes-sigs/kind/pull/2076 l K3s: hKps://github.com/k3s-io/k3s/pull/2936 Features and improvements for stabilizing Stargz SnapshoAer & AddiDonal Layer Store l Less-privileged authenHcaHon on Kubernetes: hKps://github.com/containerd/containerd/issues/5105 l Higher availability of Stargz SnapshoKer (mounHng images from mulHple backend registries) l Improvements on memory consumpHon of Stargz SnapshoKer l Speeding up image conversion l StaHc opHmizaHon of images l etc…
  • 27. Copyright(c)2021 NTT Corp. All Rights Reserved Summary l Pull is one of the ?me-consuming steps in the container lifecycle l OCI-alterna?ve but OCI-compa?ble image formats are trying to solve it by lazy pulling • Legacy (lazy-pull-agnos?c) run?mes can run them (zstd requires recent run?mes). • eStargz by containerd Stargz SnapshoJer subproject • zstd:chunked discussed in Podman community l Collabora6on in community • Lazy pulling (eStargz) is available on: containerd, Kubernetes, BuildKit, Kaniko, go-containerregistry, nerdctl • On-going discussion of “Addi6onal Layer Store” feature to enable lazy pulling on Podman and CRI-O • hJps://github.com/containers/storage/pull/795 l On-going in 2021: Standardizing eStargz in OCI and improvements for stabilizing Stargz SnapshoJer